Re: Requiring Dual Factor Authentication / Multiple Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I would really like to implement SecurID, but its cost prohibitive.
This nice thing about SecurID is that it provides even another layer
of security. In my experience with it, I had to provide a pin, along
with the current code on the fob to pass SecurID authentication, in
addition to my host/network password this was true two factor
authentication.

My major problem with just using rsa/dsa keys or certs is that I have
to use the honor system and hope my user base is protecting their key
or cert with a strong password/passphrase. So I have to assume they
are not. Then there is the problem of securing the rsa/dsa key or
cert, I can not assume my users have any type of security set up on
their remote machines as I can not, nor want to, maintain their remote
networks.

Which brings me back to password authentication. If I were able to
require both a rsa/dsa key or cert in addition to providing a host
password (which I could enforce complexity and expiration times on) I
think it would give me reasonable two factor authentication without
the hefty costs associated with SecurID or similar systems

Thanks to all of you that have taken the time to read and to respond
to this thread, I appreciate your feedback.

Cheers,
Ryan

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux